On Dec 2, 2014, at 4:52 AM, Heiko O <puettagoras@gmail.com> wrote:
Authenication works fine when Users only enter "username",but i want the users to login with something like "username@thedomain.net". But when doing this i get
(0) preprocess : --> testuser (0) [preprocess] = ok (0) [chap] = noop (0) mschap : Found MS-CHAP attributes. Setting 'Auth-Type = mschap' (0) [mschap] = ok (0) [digest] = noop (0) suffix : Checking for suffix after "@" (0) suffix : No '@' in User-Name = "testuser", looking up realm NULL (0) suffix : No such realm "NULL" (0) [suffix] = noop (0) eap : No EAP-Message, not doing EAP (0) [eap] = noop (0) sql : EXPAND %{User-Name} (0) sql : --> testuser
So… are you logging in as “username@thedomain.net”, or as “testuser”?
I did a lot of try-and-error with suffix ans Strip and configuring, but i can't get mschap to work.
The default configuration works. Try it.
How can I teach mschap to work with "user@thedomain.net"? BTW: The radcheck-table contains simply "username" with no realms, and that cannot be changed.
That’s fine. The SQL lookups are done using the Stripped-User-Name. The MS-CHAP calculations are done using the normal User-Na,e.
The second question is about proxying. Since the is only one RADIUS-Server, proxying is not needed. I wonder if i really have to add a realm and proxy the request to localhost.
No.
Is there a way to say "Hey, just answer all queries with @thedomain.org and don't proxy it to yourself"?
Read raddb/proxy.conf. This is documented. Alan DeKok.